3 matches found
Configure a Proper Number of Queues in the SYN_RECV State
The SYNRECV queue stores the TCP connection requests that have not been confirmed by the peer end. A larger value indicates more waiting network connections. If the value is too small, the system is vulnerable to TCP SYN flood attacks. As a result, normal connections are denied. If the value is t...
podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile
A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the hos...
DEBIAN-CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...